Built in or extension?

I found this extension for Yii 1.1 but don't see any relevant extension for Yii 2. So I'm wondering if there is one or is it built-in by default?

Also, when data properties get set in your model for a form such as:

namespace app\models;

use yii\base\Model;

class SignupForm extends Model {

    public $company_name;
    public $first_name;
    public $last_name;
    public $email;
    public $username;
    public $password;
    public $password_again;

    /**
     * Validation rules
     */
    public function rules() {
        return [
            // Format some data
            [['company_name', 'first_name', 'last_name', 'email', 'username', 'password', 'password_again'], 'trim'],
            ['username', 'filter', 'filter' => 'strtolower'],
            // If company scenario, require company name
            ['company_name', 'required', 'on' => 'company'],
            //..............
        ];
    }

}

Is this data sanitized by default or does one have to sanitize it themselves?

So I guess my main question is - how do I sanitize data with Yii 2?


You can try using HTMLPurifier to sanitize the input, as follows:

[['attr1', 'attr2'], function ($attribute) {
    // Replace the submitted value with its purified form
    $this->$attribute = \yii\helpers\HtmlPurifier::process($this->$attribute);
}],

I'm surprised that in 4 months this subject hasn't got more feedback.

I think that there is no easy, cure-all extension and, as with any web application, it depends on the type of data being input and how you are going to store it and then use it.

However, I think the following Yii1 wiki page is still every bit as relevant to Yii2 and shows you what validation is relevant and when:

http://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/
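
The two answers above, combined into one model as an added example that is not part of the original thread: plain-text fields are validated on input and encoded on output, while only the rich-text field goes through HTMLPurifier with an allow-list. It assumes a bootstrapped Yii 2 application; `CommentForm`, its attributes, `renderHtml()` and the sample input are hypothetical.

```php
<?php
// Added example, not code from the original posts. Assumes a bootstrapped
// Yii 2 application; CommentForm and its attributes are hypothetical names.
namespace app\models;

use yii\base\Model;
use yii\helpers\Html;
use yii\helpers\HtmlPurifier;

class CommentForm extends Model
{
    public $author; // plain text, never meant to contain markup
    public $email;
    public $body;   // rich text, a limited set of HTML is allowed

    public function rules()
    {
        return [
            [['author', 'email', 'body'], 'trim'],
            [['author', 'email', 'body'], 'required'],
            // Plain fields: validate shape and length instead of "cleaning" them.
            ['author', 'string', 'max' => 64],
            ['email', 'email'],
            // Rich text: keep only allow-listed tags and attributes.
            ['body', 'filter', 'filter' => function ($value) {
                return HtmlPurifier::process($value, [
                    'HTML.Allowed' => 'p,br,b,i,a[href]',
                ]);
            }],
        ];
    }

    // Output side: encode plain fields where they are rendered.
    // $body is emitted as-is, so call this only after validate() has purified it.
    public function renderHtml()
    {
        return Html::tag('strong', Html::encode($this->author))
            . Html::tag('div', $this->body);
    }
}

// Constructed sample input, loaded without a form name prefix.
$form = new CommentForm();
$form->load([
    'author' => ' <script>alert(1)</script> ',
    'email'  => 'user@example.com',
    'body'   => '<p onclick="x()">Hi <b>there</b><script>alert(1)</script></p>',
], '');
echo $form->validate() ? $form->renderHtml() : 'validation failed';
```

Model attributes are not sanitized by Yii 2 on assignment; only the rules listed in `rules()` run, and only when `validate()` is called.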
